Family Educational Rights and Privacy Act (FERPA)

 

The Family Educational Rights and Privacy Act (FERPA) was passed in 1974. Under FERPA, a school generally may not disclose personally identifiable information from an eligible student’s education records to a third party without written consent. However, there are a number of exceptions to this rule, which the Department of Education has laid out in a simple chart.

 

What you need to know:

  • FERPA gives parents certain rights with respect to their children’s education records. Generally, schools must have written permission from the parent or eligible student in order to release any information from a student’s educational record. These rights transfer to the student when he or she reaches the age of 18 or attends a school beyond the high school level.
  • Schools must provide parents (or certain eligible students) with an opportunity to inspect and review their student’s education records within 45 days. If a service provider is maintaining or storing student records, they should be aware of the time limits for processing such requests.
  • Parents (or certain eligible students) have the right to request that schools amend their student’s education records that include inaccurate or misleading information.

SOPIPA

 

California recently passed the Student Online Personal Information Protection Act (SOPIPA), the first state law in the nation to comprehensively address student privacy. SOPIPA becomes effective on January 1, 2016, and applies to websites, applications and online services that have actual knowledge that the service is being used for K-12 school purposes and that were designed and marketed for K-12 purposes.

 

What you need to know:

  • Prohibits use of targeted advertising
  • Prohibits operators of online educational services from selling student data and using such information to target advertising to students or to “amass a profile” on students for a non-educational purpose.
  • Requires online service providers to maintain adequate security procedures and to delete student information at the request of a school or district.

 

*Twenty other states have enacted student data privacy laws, but California is unique in making industry directly responsible for ensuring the privacy of student data.

The Student Privacy Pledge

 

The Future of Privacy Forum (FPF) and the Software & Information Industry Association (SIIA) announced a Pledge for K-12 school service providers to safeguard student privacy, built around a dozen commitments regarding the collection, maintenance, and use of student personal information.

The Student Privacy Pledge will hold school service providers accountable to:

  • Not sell student information
  • Not use behaviorally targeted advertising
  • Use data for authorized education purposes only
  • Not change privacy policies without notice and choice
  • Enforce strict limits on data retention
  • Support parental access to, and correction of errors in, their children’s information
  • Provide comprehensive security standards
  • Be transparent about collection and use of data

An initial leadership group of major school service providers signed the Pledge; at least two dozen more have since joined them, and more come in every day. The group is made up of some of the leading names in education technology, including Amplify, Code.org, DreamBox Learning, Edmodo, Follett, Gaggle, Houghton Mifflin Harcourt, Knewton, Knovation, Lifetouch, Microsoft, MIND Research Institute, myON, and Think Through Math.

Pledge Endorsed by President Obama

Student Digital Privacy Act – Proposed Legislation

 

The White House unveiled the Student Digital Privacy Act, addressed by President Obama in his Road to the State of the Union Tour at the FTC on January 12, 2015. The legislation was proposed in an effort to keep our children safe even with the fast-evolving nature of technology. The proposed legislation is patterned on California’s new law (SOPIPA) and on the Future of Privacy Forum and SIIA’s voluntary pledge for educational software vendors.

 

What you need to know:

  • It will make it illegal for companies to sell student data to third parties for non-educational purposes.
  • The law would ban advertisers from targeting students based on data collected in schools.
  • Companies must delete a student’s information if the school or district requests its deletion.
  • The Act will not apply to general audience sites, apps and online services outside of the school context.
  • The Act does not prohibit an operator from sharing aggregated de-identified student covered information for research and development.